Loading Events

« All Events

Windows Forensic Analysis: Stafford, VA

April 22 @ 8:30 am April 26 @ 4:30 pm EDT

Hands-On & Deeply Immersive

Instructor-led 5-days

Course Objectives

01. Perform in-depth Windows forensic analysis by applying peer-reviewed techniques focusing on Windows 7, Windows 8/8.1, Windows 10, Windows 11, and Windows Server products

02. Use state-of-the-art forensic tools and analysis methods to detail nearly every action a suspect accomplished on a Windows system, including who placed an artifact on the system and how, program execution, file/folder opening, geolocation, browser history, profile USB device usage, cloud storage usage, and more

03. Perform “fast forensics” to rapidly assess and triage systems to provide quick answers and facilitate informed business decisions

04. Uncover the exact time that a specific user last executed a program through Registry and Windows artifact analysis, and understand how this information can be used to prove intent in cases such as intellectual property theft, hacker-breached systems, and traditional crimes

05. Determine the number of times files have been opened by a suspect through browser forensics, shortcut file analysis (LNK), email analysis, and Windows Registry parsing

06. Audit cloud storage usage, including detailed user activity, identifying deleted files, signs of data exfiltration, and even uncovering detailed information on files available only in the cloud

07. Identify items searched by a specific user on a Windows system to pinpoint the data and information that the suspect was interested in finding, and accomplish detailed damage assessments

08. Use Windows Shell Bag analysis tools to articulate every folder and directory a user or attacker interacted with while accessing local, removable, and network drives

09. Determine each time a unique and specific USB device was attached to the Windows system, the files and folders accessed on it, and what user plugged it in by parsing Windows artifacts such as Registry hives and Event Log files

10. Learn Event Log analysis techniques and use them to determine when and how users logged into a Windows system, whether via a remote session, at the keyboard, or simply by unlocking a screensaver

11. Mine the Windows Search Database to uncover a massive collection of file metadata and even file content from local drives, removable media, and applications like Microsoft Outlook, OneNote, SharePoint, and OneDrive.

12. Determine where a crime was committed using Registry data and pinpoint the geolocation of a system by examining connected networks and wireless access points

13. Use browser forensic tools to perform detailed web browser analysis, parse raw SQLite and ESE databases, and leverage session recovery artifacts to identify web activity, even if privacy cleaners and in-private browsing software are used

14. Parse Electron Application databases allowing the investigation of hundreds of third-party applications including most chat clients

15. Specifically determine how individuals used a system, who they communicated with, and files that were downloaded, modified, and deleted


Request a Seat with DoD Training Center:

In order to avoid the risk of being rejected for a spot in this Boot Camp follow these steps: 1. Confirm your spot by signing up for RSVP. 2. If we have an available spot our team will confirm you through email. 3. Once you get the confirmation you can come to this event and purchase Boot Camp Ticket below. 4. If you have any questions you can write to

0 Going


The numbers below include tickets for this event already in your cart. Clicking “Get Tickets” will allow you to edit any existing attendee information as well as change ticket quantities.
Windows Forensic Analysis: April 22-26, 2024 Stafford, VA

Leave a Reply

Your email address will not be published. Required fields are marked *

Shopping Cart